Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/ekH1YvPD-YZnP0TGaeNVBU9uPwA.roa
File:                     ekH1YvPD-YZnP0TGaeNVBU9uPwA.roa (raw, json)
Hash identifier:          yhXaGcbJjLQcOeY+d/XbKfWIjxXbIlwUIiih7HIWhjk=
Subject key identifier:   7A:41:F5:62:F3:C3:F9:86:67:3F:44:C6:69:E3:55:05:4F:6E:3F:00
Certificate issuer:       /CN=592c699f8fecbec847d3390b4658dd3cb21c52b3
Certificate serial:       019CBE933F8FEAC3ED7676389B9D990A708F
Authority key identifier: 59:2C:69:9F:8F:EC:BE:C8:47:D3:39:0B:46:58:DD:3C:B2:1C:52:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/ekH1YvPD-YZnP0TGaeNVBU9uPwA.roa
Signing time:             Thu 05 Mar 2026 15:17:26 +0000
ROA not before:           Thu 05 Mar 2026 15:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62355
IP address blocks:        91.218.182.0/24 maxlen: 24
                          203.56.162.0/23 maxlen: 23
                          2001:67c:26dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:93:3f:8f:ea:c3:ed:76:76:38:9b:9d:99:0a:70:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592c699f8fecbec847d3390b4658dd3cb21c52b3
        Validity
            Not Before: Mar  5 15:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a41f562f3c3f986673f44c669e355054f6e3f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d2:db:cf:f0:ef:a5:85:72:21:a7:31:bb:01:
                    b5:8f:a7:7d:b8:5c:f4:1a:19:55:a8:32:d9:93:6d:
                    02:d6:a4:a6:8e:18:7e:ba:ac:7d:53:9b:d2:76:24:
                    b5:8b:8c:04:a5:c6:51:d0:53:7f:11:d4:d0:cd:3f:
                    a7:4f:6f:90:a8:35:45:e3:d0:fb:b7:27:87:36:df:
                    1b:86:49:d1:93:3b:5d:a0:21:04:69:15:dd:40:5e:
                    02:7e:af:7a:2e:21:63:cc:81:bd:cf:71:2e:e3:b7:
                    99:de:5b:d4:d6:44:1f:be:0a:47:c5:8a:40:c6:d2:
                    1a:10:dd:4a:6d:b3:38:fa:87:4d:ed:58:c7:81:06:
                    6e:05:33:68:e9:35:f4:74:14:6d:3c:2c:41:3e:78:
                    51:bc:3a:fc:6e:ad:bb:fa:6f:c7:62:34:61:90:f0:
                    68:2f:0b:fd:20:d1:e1:16:e7:b8:cb:62:7f:f5:62:
                    9c:af:d3:7e:0f:70:95:b5:a5:c1:75:72:6b:9c:23:
                    4a:d8:db:02:1f:48:0d:4a:57:0e:10:59:f6:c1:3f:
                    75:97:09:1c:6e:33:9f:4b:cc:44:3a:89:4c:93:3d:
                    14:1b:35:fe:76:32:10:de:21:8a:c5:b0:7a:5c:48:
                    80:2e:c6:89:0e:6d:24:92:6d:fe:6f:ae:b3:2b:b1:
                    77:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:41:F5:62:F3:C3:F9:86:67:3F:44:C6:69:E3:55:05:4F:6E:3F:00
            X509v3 Authority Key Identifier:
                keyid:59:2C:69:9F:8F:EC:BE:C8:47:D3:39:0B:46:58:DD:3C:B2:1C:52:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/ekH1YvPD-YZnP0TGaeNVBU9uPwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.182.0/24
                  203.56.162.0/23
                IPv6:
                  2001:67c:26dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:54:d0:fc:78:ed:ff:41:c3:4a:59:09:d5:47:c6:41:76:4e:
         4c:a1:b1:a4:82:f1:0e:bc:da:0a:18:f1:f5:0b:8d:5d:fa:1f:
         93:a2:e0:e7:05:87:e6:23:e7:57:44:4d:18:db:6b:2d:60:7d:
         42:e4:b2:4d:80:4b:1f:a6:a7:2d:bb:e2:0c:e1:06:6e:70:11:
         c5:2c:7d:d8:50:77:56:74:38:44:66:70:84:52:34:b3:e9:25:
         15:7e:6a:3e:73:00:c3:d5:32:4c:b0:c2:f2:cb:c9:87:dd:24:
         a6:15:c0:41:97:95:e1:8c:00:f2:8c:76:6c:30:87:4f:7b:72:
         74:94:0f:57:22:79:2e:66:8f:52:00:76:57:e3:55:34:a2:a9:
         8b:97:11:4c:d1:59:74:3d:42:50:bc:99:3e:f7:54:56:0d:5f:
         fa:fc:c0:37:da:db:19:a5:94:a4:d6:84:77:d2:da:08:c0:4c:
         1a:24:14:cd:ee:0d:84:ed:f4:e5:ce:da:b8:04:05:13:31:2d:
         50:3e:4a:2a:24:31:87:b9:1b:af:61:12:f7:ee:2a:00:7c:86:
         c3:95:e5:23:01:0b:d3:67:cc:71:6d:17:0e:cf:d1:21:55:6f:
         1a:8b:ef:9b:9f:fb:9b:37:c6:9e:b7:cc:5e:5b:89:a7:ad:9d:
         9a:18:b5:e7
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZy+kz+P6sPtdnY4m52ZCnCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmM2OTlmOGZlY2JlYzg0N2QzMzkwYjQ2NThkZDNjYjIx
YzUyYjMwHhcNMjYwMzA1MTUxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQxZjU2MmYzYzNmOTg2NjczZjQ0YzY2OWUzNTUwNTRmNmUzZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstLbz/DvpYVyIacxuwG1j6d9uFz0
GhlVqDLZk20C1qSmjhh+uqx9U5vSdiS1i4wEpcZR0FN/EdTQzT+nT2+QqDVF49D7
tyeHNt8bhknRkztdoCEEaRXdQF4Cfq96LiFjzIG9z3Eu47eZ3lvU1kQfvgpHxYpA
xtIaEN1KbbM4+odN7VjHgQZuBTNo6TX0dBRtPCxBPnhRvDr8bq27+m/HYjRhkPBo
Lwv9INHhFue4y2J/9WKcr9N+D3CVtaXBdXJrnCNK2NsCH0gNSlcOEFn2wT91lwkc
bjOfS8xEOolMkz0UGzX+djIQ3iGKxbB6XEiALsaJDm0kkm3+b66zK7F3IwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHpB9WLzw/mGZz9ExmnjVQVPbj8AMB8GA1UdIwQY
MBaAFFksaZ+P7L7IR9M5C0ZY3TyyHFKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1N4cG40X3N2c2hIMHprTFJsamRQTEljVXJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jMDY3ODEtZDVkNy00NTQ4LTlkZmEt
YjI4YzNjOGM5OTA5LzEvZWtIMVl2UEQtWVpuUDBUR2FlTlZCVTl1UHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jMDY3ODEtZDVkNy00NTQ4LTlkZmEtYjI4YzNjOGM5OTA5
LzEvV1N4cG40X3N2c2hIMHprTFJsamRQTEljVXJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9q2AwQB
yziiMA8EAgACMAkDBwAgAQZ8JtwwDQYJKoZIhvcNAQELBQADggEBABxU0Px47f9B
w0pZCdVHxkF2TkyhsaSC8Q682goY8fULjV36H5Oi4OcFh+Yj51dETRjbay1gfULk
sk2ASx+mpy274gzhBm5wEcUsfdhQd1Z0OERmcIRSNLPpJRV+aj5zAMPVMkywwvLL
yYfdJKYVwEGXleGMAPKMdmwwh097cnSUD1cieS5mj1IAdlfjVTSiqYuXEUzRWXQ9
QlC8mT73VFYNX/r8wDfa2xmllKTWhHfS2gjATBokFM3uDYTt9OXO2rgEBRMxLVA+
SiokMYe5G69hEvfuKgB8hsOV5SMBC9NnzHFtFw7P0SFVbxqL75uf+5s3xp63zF5b
iaetnZoYtec=
-----END CERTIFICATE-----